I'm trying to learn some basics about other possibility of gaining root access by possible hack threat.
1. My server deny all SSH IP inside /etc/hosts.deny 2. SSH is only allowed on my fixed IP /etc/hosts.allow 3. My ssh port is default port 22 (I assume it's safe since hosts.deny is denying all IP anyhow) 4. My server uses sudo (so a hacker needs to guess a username) provided he can spoof my IP in hosts.allow or something
Now that is security at SSH level.. any improvement?
How about security at Apache port 80. My server has PHP & MySQL.. can hacker hack to my server using other services or port such as webshell or something?
I'm also having concern about defacement on server, any tips other than disabling php openbase dir?
